This repository has been archived by the owner on Apr 24, 2018. It is now read-only.

Use nounce for replay protection #10

Open

rugk opened this issue Jun 30, 2017 · 0 comments

Labels

enhancement security

Owner

rugk commented Jun 30, 2017

From the Threema whitepaper:

Replay Prevention
The Threema app remembers the nonce of every message that has been sent in the past, and rejects messages with duplicate nonces. Since the server cannot successfully modify the nonce of a message without knowing the private key of one of the parties involved in the communication, this prevents a malicious server from replaying/duplicating previously sent messages.

rugk added enhancement security labels

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.